You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2012/09/26 18:54:21 UTC
svn commit: r1390598 -
/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
Author: dkulp
Date: Wed Sep 26 16:54:20 2012
New Revision: 1390598
URL: http://svn.apache.org/viewvc?rev=1390598&view=rev
Log:
If using something other than Basic auth, create a AuthorizationPolicy object based on what we CAN retrieve from the HTTP Request
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java?rev=1390598&r1=1390597&r2=1390598&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java Wed Sep 26 16:54:20 2012
@@ -151,7 +151,7 @@ public abstract class AbstractHTTPDestin
return bus;
}
- private AuthorizationPolicy getAuthorizationPolicyFromMessage(String credentials) {
+ private AuthorizationPolicy getAuthorizationPolicyFromMessage(String credentials, Principal pp) {
if (credentials == null || StringUtils.isEmpty(credentials.trim())) {
return null;
}
@@ -168,13 +168,29 @@ public abstract class AbstractHTTPDestin
AuthorizationPolicy policy = new AuthorizationPolicy();
policy.setUserName(username);
policy.setPassword(password);
+ policy.setAuthorizationType(authType);
return policy;
} catch (Base64Exception ex) {
// Invalid authentication => treat as not authenticated
}
+ } else if (pp != null) {
+ AuthorizationPolicy policy = new PrincipalAuthorizationPolicy(pp);
+ policy.setUserName(pp.getName());
+ policy.setAuthorization(credentials);
+ policy.setAuthorizationType(authType);
+ return policy;
}
return null;
}
+ public static final class PrincipalAuthorizationPolicy extends AuthorizationPolicy {
+ final Principal principal;
+ public PrincipalAuthorizationPolicy(Principal p) {
+ principal = p;
+ }
+ public Principal getPrincipal() {
+ return principal;
+ }
+ }
/**
* @param message the message under consideration
@@ -252,6 +268,7 @@ public abstract class AbstractHTTPDestin
super.cacheInput();
}
};
+
inMessage.setContent(DelegatingInputStream.class, in);
inMessage.setContent(InputStream.class, in);
inMessage.put(HTTP_REQUEST, req);
@@ -305,8 +322,8 @@ public abstract class AbstractHTTPDestin
}
inMessage.put(Message.FIXED_PARAMETER_ORDER, isFixedParameterOrder());
inMessage.put(Message.ASYNC_POST_RESPONSE_DISPATCH, Boolean.TRUE);
+ final Principal pp = req.getUserPrincipal();
inMessage.put(SecurityContext.class, new SecurityContext() {
- private Principal pp = req.getUserPrincipal();
public Principal getUserPrincipal() {
return pp;
}
@@ -315,10 +332,11 @@ public abstract class AbstractHTTPDestin
}
});
+
Headers headers = new Headers(inMessage);
headers.copyFromRequest(req);
String credentials = headers.getAuthorization();
- AuthorizationPolicy authPolicy = getAuthorizationPolicyFromMessage(credentials);
+ AuthorizationPolicy authPolicy = getAuthorizationPolicyFromMessage(credentials, pp);
inMessage.put(AuthorizationPolicy.class, authPolicy);
propogateSecureSession(req, inMessage);